Analysis

  • max time kernel
    47s
  • max time network
    140s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240514-en
  • resource tags

    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240514-en, locale:en-us, os:android-11-x64, system
  • submitted
    02-06-2024 02:52

General

  • Target

    8caa3427932ea23a8dd107152dccc910_JaffaCakes118.apk

  • Size

    3.6MB

  • MD5

    8caa3427932ea23a8dd107152dccc910

  • SHA1

    ebcdc641284da1864ca37a8aa7fd07cce2ac65ba

  • SHA256

    3a12f0528a4379b52b6cb07832c1d577d58b2f9559e6844775579cac7c0d9a8d

  • SHA512

    10bee6e12c88973f9569ebe4e4133218a4ae430c36361d00c20ceefeec7d54b9b1a3cb029a37483ccdebaa55d77ac1c76f5ad1b83ff192feb29cd09a77190111

  • SSDEEP

    98304:GccnaVv95Utqy/+7gg688dLW4g2SRQwzof8m7p:GccaVv4z/+7U88tW4uQw684p

Malware Config

Signatures

Processes

  • com.kingkr.kxegohs
    • Checks if the Android device is rooted.
    • Checks CPU information
    • Checks memory information
    • Obtains sensitive information copied to the device clipboard
    • Queries information about the current Wi-Fi connection
    • Checks if the internet connection is available
    • Requests cell location
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4666

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/user/0/com.kingkr.kxegohs/app_crashrecord/1004

    Filesize

    58B

  • /data/user/0/com.kingkr.kxegohs/app_crashrecord/1004

    Filesize

    238B

  • /data/user/0/com.kingkr.kxegohs/app_tbs/core_private/debug.conf

    Filesize

    101B

  • /data/user/0/com.kingkr.kxegohs/cache/image_manager_disk_cache/journal.tmp

    Filesize

    31B

  • /data/user/0/com.kingkr.kxegohs/databases/0M3006CS7U0ZC2K3-access.db

    Filesize

    20KB

  • /data/user/0/com.kingkr.kxegohs/databases/0M3006CS7U0ZC2K3-access.db-journal

    Filesize

    512B

  • /data/user/0/com.kingkr.kxegohs/databases/0M3006CS7U0ZC2K3-access.db-journal

    Filesize

    8KB

  • /data/user/0/com.kingkr.kxegohs/databases/0M3006CS7U0ZC2K3-access.db-journal

    Filesize

    8KB

  • /data/user/0/com.kingkr.kxegohs/databases/bugly_db_

    Filesize

    52KB

  • /data/user/0/com.kingkr.kxegohs/databases/bugly_db_-journal

    Filesize

    8KB

  • /data/user/0/com.kingkr.kxegohs/databases/bugly_db_-journal

    Filesize

    8KB

  • /data/user/0/com.kingkr.kxegohs/databases/bugly_db_-journal

    Filesize

    8KB

  • /data/user/0/com.kingkr.kxegohs/databases/bugly_db_-journal

    Filesize

    8KB

  • /data/user/0/com.kingkr.kxegohs/databases/bugly_db_-journal

    Filesize

    512B

  • /data/user/0/com.kingkr.kxegohs/databases/ip.db

    Filesize

    20KB

  • /data/user/0/com.kingkr.kxegohs/databases/ip.db-journal

    Filesize

    512B

  • /data/user/0/com.kingkr.kxegohs/databases/ip.db-journal

    Filesize

    8KB

  • /data/user/0/com.kingkr.kxegohs/databases/ip.db-journal

    Filesize

    8KB

  • /storage/emulated/0/Android/data/com.kingkr.kxegohs/files/tbslog/tbslog.txt (deleted)

    Filesize

    13KB
